R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
Item Description
Mandatory CHAP
Specify whether to enable mandatory CHAP authentication between
the LNS and client.
After the LAC authenticates the client, the LNS may re-authenticate
the client for higher security. With mandatory CHAP authentication
configured on the local end, a VPN client that depends on a NAS to
initiate tunneling requests is authenticated twice: once when accessing
the NAS and once on the LNS by using CHAP. Some PPP clients may
not support re-authentication, in which case LNS-side CHAP
authentication will fail.
Mandatory LCP
Specify whether to enable mandatory Link Control Protocol (LCP)
re-negotiation between the LNS and client.
A NAS-Initiated VPN client first negotiates with the NAS at the start of
a PPP session. If the negotiation succeeds, the NAS initiates an L2TP
tunneling request and sends the user information to the LNS. The LNS
then determines whether the user is valid according to the proxy
authentication information received. If you enable mandatory LCP
re-negotiation, the LNS and the client renegotiate LCP, and in this
case the proxy authentication information from the NAS is
ignored. Some PPP clients may not support LCP re-negotiation, in
which case LCP re-negotiation will fail.
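The following Python sketch is an added illustration, not part of the HP guide or of any device code. It models the Mandatory CHAP behaviour described above with the CHAP-MD5 response from RFC 1994: without the option the LNS checks a response bound to a challenge chosen by the LAC, and with it the LNS issues its own fresh challenge. The class and function names, the user database and the secrets are constructed for the example.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 response: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Client:
    """Simplified PPP client (constructed); it knows only its own secret."""
    def __init__(self, secret: bytes, supports_reauth: bool = True):
        self.secret = secret
        self.supports_reauth = supports_reauth
        self.challenges_answered = 0

    def answer(self, ident: int, challenge: bytes):
        # A client without re-authentication support ignores a second challenge.
        if self.challenges_answered >= 1 and not self.supports_reauth:
            return None
        self.challenges_answered += 1
        return chap_response(ident, self.secret, challenge)

def lac_authenticate(client: Client):
    """LAC challenges the client and returns the proxy triple it forwards."""
    ident, challenge = 7, os.urandom(16)
    return ident, challenge, client.answer(ident, challenge)

def lns_accept(user_db, user, client, proxy, mandatory_chap: bool):
    """Return (accepted, who_chose_the_challenge) for one session at the LNS."""
    secret = user_db[user]
    if not mandatory_chap:
        # Proxy authentication: the challenge was generated by the LAC.
        ident, challenge, response = proxy
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response), "LAC"
    # Mandatory CHAP: the LNS challenges the client again with a fresh value.
    ident, challenge = 1, os.urandom(16)
    response = client.answer(ident, challenge)
    if response is None:
        return False, "LNS"  # client cannot re-authenticate, session fails
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response), "LNS"
```
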
Table 25 Configuration items for adding an ISP
Item Description
ISP Domain
Specify the name of the ISP domain.
Authentication Methods > Primary > Server Type
Select the authentication server type for PPP users.
• HWTACACS: Uses HWTACACS authentication.
• Local: Uses local authentication.
• None: All users are trusted and no authentication is
performed. Generally, do not use this method.
• RADIUS: Uses RADIUS authentication.
If you do not select any authentication method, the default
authentication method of the ISP domain will be used, which is
Local by default.
Authentication Methods > Primary > Scheme
Scheme for the primary authentication method, which is
displayed when you select HWTACACS or RADIUS as the
server type. The scheme is always system.
Authentication Methods > Backup
Specify whether to enable the backup authentication method.